FirstBlood-#441 Reflected XSS on the /login.php endpoint with the vulnerable goto parameter
This issue was discovered on FirstBlood v2



On 2021-10-25, johandu97 Level 4 reported:

Summary

Improper input validation allows attackers to inject malicious characters, causing XSS vulnerabilities.

POC

  1. Hi @zseano, I found a reflected XSS on the /login.php endpoint with the vulnerable goto parameter.
  2. Use the following payload to bypass the filter: test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>, and the XSS is executed.

Recommendations

Validate/sanitize malicious inputs that cause XSS, like < > ' " ...

P3 Medium

Endpoint: /login.php

Parameter: goto

Payload: test123"><scrip<script>t>aleralertt`1`</scrip</script>t>


FirstBlood ID: 26
Vulnerability Type: Reflected XSS

The developers thought they had fixed ?goto= when it was reflected inside an input tag on login.php, after a similar bug (ID 39), but because this endpoint uses legacy code their change was never applied here, so this XSS was forgotten.
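The nested payload above (<scrip<script>t>, aleralertt) is the classic bypass for a blacklist filter that strips each forbidden token once and never re-scans its own output: removing the inner token leaves the outer one intact. The following is an added example, not FirstBlood's code, written in Python rather than PHP so it runs stand-alone. legacy_filter is a hypothetical reconstruction of that kind of single-pass filter (the page does not show the real one), render_legacy reflects the filtered value into an input tag the way the page describes, and render_fixed is the hardened form that context-escapes the value instead of blacklisting tokens. The payload strings are taken from the report, decoded from the URL-encoded form in the POC.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload exactly as submitted in the POC (URL-encoded backticks), then decoded
# to the form shown in the triage section.
PAYLOAD_URLENCODED = 'test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>'
PAYLOAD = unquote(PAYLOAD_URLENCODED)


def legacy_filter(value: str) -> str:
    """Hypothetical single-pass blacklist: strip each token once, never re-scan.

    This is an assumption about the kind of filter the nested payload defeats,
    not the actual FirstBlood code. re.sub scans the *original* string, so a
    '<script>' produced by an earlier removal is never seen.
    """
    value = re.sub(r"<script>", "", value, flags=re.IGNORECASE)
    value = re.sub(r"</script>", "", value, flags=re.IGNORECASE)
    value = re.sub(r"alert", "", value, flags=re.IGNORECASE)
    return value


def render_legacy(goto: str) -> str:
    """Reflect the blacklist-filtered value into an input attribute (vulnerable)."""
    return f'<input type="hidden" name="goto" value="{legacy_filter(goto)}">'


def render_fixed(goto: str) -> str:
    """Hardened form: escape for the HTML attribute context, including quotes.

    Encoding '"' and '<' means the value can neither close the attribute nor
    open a tag, regardless of which tokens it contains.
    """
    return f'<input type="hidden" name="goto" value="{html.escape(goto, quote=True)}">'


class _ScriptTagCounter(HTMLParser):
    """Counts <script> start tags an HTML parser actually sees in the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1


def count_script_tags(markup: str) -> int:
    """Return how many <script> elements a browser-like parser finds in markup."""
    parser = _ScriptTagCounter()
    parser.feed(markup)
    parser.close()
    return parser.script_tags


if __name__ == "__main__":
    # A plain payload is neutralised by the blacklist; the nested one survives it.
    print(legacy_filter('"><script>alert(1)</script>'))
    print(legacy_filter(PAYLOAD))
    print("legacy script tags:", count_script_tags(render_legacy(PAYLOAD)))
    print("fixed  script tags:", count_script_tags(render_fixed(PAYLOAD)))
```

Running it shows why the reporter needed the nested form: the straightforward `"><script>alert(1)</script>` collapses to `">(1)` under the single-pass filter, while the nested payload comes out of the same filter as `test123"><script>alert`1`</script>`, which breaks out of the value attribute and yields a real script element. The escaped rendering contains no `<script>` start tag at all. Per the recommendation in the report, the fix is output encoding for the attribute context (or a URL allow-list for goto), not a longer blacklist.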